[c-nsp] pix upgrade to 7.x from 6.34

nevot r.nevot at gmail.com
Sat Feb 18 15:24:14 EST 2006


We have recently upgraded to 128Mb RAM and we are using pre-shared key in
our scenario.
Only a VPN established with a VPN3k of Cisco seemed to work ok. Other
parties with netscreen, and linux-racoon-ipsectools suffered the same problems.
Connections were dropped with a message like 'Teardown tcp ... Tunnel has
been torn down'.

We'll mount a PIX and some clients to test it accurately.


2006/2/18, Brant I. Stevens <branto at branto.com>:
>
> Ditto the sentiments on the usability of the 7.x code.  One caveat on the
> 515E family is to be wary of memory consumption, especially if you only have
> 64MB of RAM.
>
> Another issue to be aware of is an issue with reaching some websites.
> (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml,
> or, http://alnk.org/smartgig)
>
> You might end up pulling your hair out trying to figure it out.
>
> For me, the pseudo-hitless IPSec VPN failover is most welcomed.
>
>
> On 2/18/06 12:27 PM, "Jim McBurnett" <jim at tgasolutions.com> wrote:
>
> > I have 7.x running in several sites, and have not seen the VPN problems.
> > With the exception of the pre-shared key note below and the split tunnel
> > standard access list bugs, I have had pretty good success.
> >
> > I think 7.11 fixed both of these issues.
> >
> >
> > Jim
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joseph Jackson
> > Sent: Saturday, February 18, 2006 3:26 AM
> > To: Adam Maloney; cisco-nsp at puck.nether.net
> > Subject: RE: [c-nsp] pix upgrade to 7.x from 6.34
> >
> > Well I did the upgrade an hour ago and everything seemed to go ok.  One
> > thing I did notice was that for our remote vpn users I had to add back
> > in the dns server info.  Also have to redo the pre-shared key for the
> > site to sites stuff but other than that it went really well.
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Adam Maloney
> > Sent: Friday, February 17, 2006 6:01 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] pix upgrade to 7.x from 6.34
> >
> > That was remote users.  I have 76 l2l sessions with quite a few up for
> > multiple days:
> >
> > Duration     : 10d 4h:10m:17s
> > Duration     : 9d 3h:52m:48s
> > Duration     : 9d 3h:52m:48s
> > Duration     : 9d 3h:52m:48s
> > Duration     : 8d 3h:50m:55s
> > Duration     : 8d 0h:12m:55s
> > Duration     : 7d 21h:22m:00s
> > Duration     : 9d 3h:52m:29s
> > Duration     : 9d 3h:52m:27s
> > Duration     : 9d 3h:52m:11s
> > Duration     : 9d 3h:51m:52s
> > Duration     : 10d 3h:01m:41s
> > Duration     : 8d 17h:48m:13s
> > Duration     : 10d 3h:01m:41s
> > Duration     : 7d 9h:50m:39s
> > Duration     : 9d 3h:51m:32s
> > Duration     : 7d 5h:40m:28s
> > Duration     : 7d 20h:22m:07s
> > Duration     : 9d 3h:51m:04s
> > Duration     : 9d 3h:51m:04s
> > Duration     : 9d 3h:51m:04s
> > Duration     : 9d 3h:51m:04s
> > Duration     : 9d 3h:48m:44s
> > Duration     : 9d 3h:47m:36s
> > Duration     : 8d 12h:02m:56s
> > Duration     : 9d 3h:13m:43s
> > Duration     : 9d 3h:13m:31s
> >
> >
> > On Fri, 17 Feb 2006, nevot wrote:
> >
> >> Remote users or remote lans?
> >> I am talking about lan2lan vpns
> >>
> >>
> >> 2006/2/17, Adam Maloney <adam at whee.org>:
> >>>
> >>> On Thu, 16 Feb 2006, nevot wrote:
> >>>
> >>>> In the other way, I just recently (half an hour ago) downgraded a pair of
> >>>> PIX515E because our VPNs were systematically dropped every hour, making the
> >>>> vpns unusable. Though I will wait our provider's response, I think version 7
> >>>> is not still ready for use, at least not in an IPSEC VPN scenario.
> >>>
> >>> I ran 7.0(2) for the last few months, then upgraded to 7.0(4) because of an
> >>> AAA session-limit bug.  But other than that, no problems with remote users
> >>> staying connected:
> >>>
> >>> Duration     : 2d 0h:59m:30s
> >>> Duration     : 3d 1h:23m:09s
> >>> Duration     : 1d 0h:28m:07s
> >>> Duration     : 7d 23h:52m:18s
> >>> Duration     : 3d 18h:52m:35s
> >>> Duration     : 1d 0h:01m:23s
> >>> Duration     : 1d 23h:08m:59s
> >>> Duration     : 10d 18h:59m:38s
> >>> Duration     : 8d 21h:25m:26s
> >>> Duration     : 1d 20h:52m:17s
> >>>
> >>> (Some of the day+ connections)
> >>>
> >>> I've been on 7.0(4) for:
> >>> up 12 days 17 hours
>

